• These Microsoft servers are helping fuel massive DDoS attacks

    From TechnologyDaily@1337:1/100 to All on Mon Oct 31 14:30:03 2022
    These Microsoft servers are helping fuel massive DDoS attacks

    Date:
    Mon, 31 Oct 2022 14:26:57 +0000

    Description:
    Thousands of servers all over the world are being abused as data amplifiers, generating huge volumes of DDoS traffic.

    FULL STORY ======================================================================

    More than 12,000 poorly configured Microsoft servers have been discovered being abused to conduct impressively potent distributed denial of service (DDoS) attacks.

    Cybersecurity researchers from Black Lotus Labs uncovered a total of 12,142 servers running Microsoft domain controllers that host the company's Active Directory services, which were being used by multiple malware variants to magnify the size of DDoS attacks.

    The servers belong to all sorts of organizations, from religious ones in North America to commercial entities in North Africa.

    Abused for months

    Some of the most powerful ones exceeded 10Gbps in junk traffic, and reached as high as 17Gbps, the researchers said. Speaking to Ars Technica in an email, Black Lotus Labs researcher Chad Davis said the traffic was strong enough to DoS some less well-provisioned servers all by itself. In theory, a hundred of these, working in unison, could generate a terabit per second of attack traffic, he said.

    Some of these servers were abused for months, the researchers further found. One, discovered in North America, had been sending out gigabytes of junk traffic for 18 months, peaking at 2Gbps.

    How were they able to produce such high output? By serving as amplifiers, or reflectors. Instead of using compromised endpoints to send junk traffic to the targets directly, and thus risk being spotted, attackers first send network requests to third parties. If those third parties are misconfigured, in the way these servers were, the requests can be spoofed so that the replies appear to come from the third parties themselves. Not only that, but the servers reflect the data at the target in sizes thousands of times bigger than the original payload.

    According to Ars Technica, some of the more popular reflectors are misconfigured servers running open DNS resolvers, the Network Time Protocol, Memcached for database caching, and the WS-Discovery protocol usually found in IoT devices.

    More recently, threat actors started using the Connectionless Lightweight Directory Access Protocol (CLDAP) as a source of reflection attacks. As Microsoft's variant of the Lightweight Directory Access Protocol, CLDAP uses User Datagram Protocol packets so Windows clients can discover services for authenticating users, the publication explained. Apparently, threat actors have been using this protocol for five years now, magnifying data torrents by up to 70 times.
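    The defender-side check that follows is an added example, not code from the article or from Black Lotus Labs: it scores constructed flow records to spot a domain controller whose UDP/389 replies to Internet addresses are many times larger than the queries, the CLDAP reflection pattern described above. The record format, the internal address ranges and the sample flows are all assumptions.

```python
# Added example (not from the article or Black Lotus Labs): flag a domain
# controller answering CLDAP (UDP/389) to Internet hosts, from flow records of
# the constructed form "src_ip sport dst_ip dport proto bytes_in bytes_out",
# where "in" is traffic toward the DC and "out" is its replies to that source.
import ipaddress
from collections import defaultdict, namedtuple

CLDAP_PORT = 389
# Assumption: the organisation's own ranges; any other source is "Internet".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample flows on documentation addresses (not real hosts): DC 203.0.113.10,
# two internal clients doing normal rootDSE lookups, two Internet addresses (spoofed victims).
SAMPLE_FLOWS = """\
10.0.5.21 54001 203.0.113.10 389 udp 52 1450
10.0.5.22 54002 203.0.113.10 389 udp 52 1450
198.51.100.7 41234 203.0.113.10 389 udp 2080 145600
198.51.100.8 41234 203.0.113.10 389 udp 2080 145600
192.0.2.55 50000 203.0.113.10 53 udp 180 600
"""

Flow = namedtuple("Flow", "src sport dst dport proto bytes_in bytes_out")

def parse_flows(text):
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 7:  # skip blank or malformed lines
            flows.append(Flow(f[0], int(f[1]), f[2], int(f[3]), f[4],
                              int(f[5]), int(f[6])))
    return flows

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_cldap_reflection(flows, min_factor=10.0):
    """Return {source: (amplification_factor, bytes_reflected)} for each Internet
    address whose UDP/389 replies were >= min_factor times its queries."""
    totals = defaultdict(lambda: [0, 0])  # src -> [bytes_in, bytes_out]
    for f in flows:
        if f.proto == "udp" and f.dport == CLDAP_PORT and not is_internal(f.src):
            totals[f.src][0] += f.bytes_in
            totals[f.src][1] += f.bytes_out
    hits = {}
    for src, (b_in, b_out) in totals.items():
        factor = b_out / b_in if b_in else float("inf")
        if factor >= min_factor:  # likely DDoS victim; this DC is the reflector
            hits[src] = (round(factor, 1), b_out)
    return hits
```

    Any hit at all means the controller is reachable on UDP/389 from outside, which is the misconfiguration to fix; the factor and byte totals tell you how much traffic it has been reflecting toward each victim.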

    The full report can be found on this link.

    Via: Ars Technica



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-microsoft-servers-are-helping-fuel-massive-ddos-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)